User Guide
OmniAccess SafeGuard OS Administration Guide
324
Chapter 7: Establishing a Security Policy
Policy-based mirroring is used in user and malware policies to mirror specific host
activities. Port 21 on the OmniAccess 2400 SafeGuard and port 9 on the OmniAccess 1000
SafeGuard may be configured as the destination port for mirroring. To configure policy-
based mirroring use the monitor policy-based destination m1 command in Global
Configuration mode.
monitor policy-based destination m1 [slot/port]
This command is used in conjunction with the policy filter which controls the specific
traffic to mirror.
For example, the following command assigns port 9 on a OmniAccess 1000 SafeGuard to
receive the mirrored data:
(SafeGuardOS) #configure terminal
(SafeGuardOS) (config) #monitor policy-based destination m1 0/9
(SafeGuardOS) (config) #exit
(SafeGuardOS) #
Use the no version of the monitor policy-based destination m1 command to clear the
mirroring port configuration. The syntax of the Global Configuration command is:
no monitor policy-based destination m1
The following example clears port 21 on a OmniAccess 2400 SafeGuard as the destination
port for mirroring:
(SafeGuardOS) #configure terminal
(SafeGuardOS) (config) #no monitor policy-based destination m1
(SafeGuardOS) (config) #exit
(SafeGuardOS) #
Policy Debug
To enable the capture of debug information for policy, use the policy debug command in
Privileged Exec mode. When policy debug is enabled, the policy hit events are logged on
the host side and some additional statistics is maintained to help system debugging.
Syntax Description slot/port The port assigned as the mirror destination
port. The port is designated in slot/port
notation. Valid entries are 0/21 for the
OmniAccess 2400 SafeGuard and 0/9 on
the OmniAccess 1000 SafeGuard. On the
OAG4048, any port can be designated as
the destination port.